Wietse Venema:
> This is a site-specific problem. I ran "openssl s_client" and
> "posttls-finger -w" against one of the affected servers, and reliably
> crashed their postscreen daemon. I've been doing similar tests
> against my own servers without any problems.

That was with FreeBSD 13.0, as well as Fedora Linux. I was able to
reproduce the problem with FreeBSD 13.1 RC4 (a release candidate)
from ftp.freebsd.org, with the command

    openssl s_client 127.0.0.1:25

This was a Postfix problem that was exposed by a more aggressive
compiler. See patch below.

The real fix, already available with the Postfix 3.8 unstable
release, is to roll back the change from 20211023 that resulted
in this confusing code, so that the mistake cannot be made again.

The code confused both me (so that I made the mistake) and the
compiler (so that it did not report a missing initialization).

        Wietse

diff -ur /var/tmp/postfix-3.7.1/src/postscreen/postscreen_smtpd.c ./src/postscreen/postscreen_smtpd.c --- /var/tmp/postfix-3.7.1/src/postscreen/postscreen_smtpd.c 2021-12-19 08:04:50.000000000 -0500 +++ ./src/postscreen/postscreen_smtpd.c 2022-04-27 09:57:24.000000000 -0400 @@ -1149,6 +1149,8 @@ if (cmdp->flags & PSC_SMTPD_CMD_FLAG_DESTROY) return; } + } else { + cmdp = 0; } /* @@ -1164,7 +1166,7 @@ * Hopefully, someone will call us back to process the remainder of * the pending input, otherwise we could hang. */ - if (cmdp->flags & PSC_SMTPD_CMD_FLAG_SUSPEND) + if (cmdp && cmdp->flags & PSC_SMTPD_CMD_FLAG_SUSPEND) return; /*
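
Review bot: the added `} else { cmdp = 0; }` in the first hunk (@@ -1149,6 +1149,8 @@) has no comment saying why the pointer is cleared on this path. A one-line comment noting that cmdp is otherwise unset here and is tested again at the PSC_SMTPD_CMD_FLAG_SUSPEND check further down would keep a later cleanup from dropping the branch as dead code. Assigning `cmdp = 0;` before the `if` instead of in an `else` would also give every path a defined value without depending on each branch to set it.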
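
Review bot: in the second hunk (@@ -1164,7 +1166,7 @@) the new condition `cmdp && cmdp->flags & PSC_SMTPD_CMD_FLAG_SUSPEND` mixes `&&` and `&` without parentheses. It parses as intended because `&` binds tighter than `&&`, but writing `cmdp && (cmdp->flags & PSC_SMTPD_CMD_FLAG_SUSPEND)` makes that explicit to the reader. The null test only has an effect together with the `cmdp = 0` assignment from the first hunk, so the two changes should be kept together when this is backported.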